You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hive.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2020/11/03 14:19:00 UTC

[jira] [Work logged] (HIVE-24330) Automate setting permissions on cmRoot directories.

     [ https://issues.apache.org/jira/browse/HIVE-24330?focusedWorklogId=507082&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-507082 ]

ASF GitHub Bot logged work on HIVE-24330:
-----------------------------------------

                Author: ASF GitHub Bot
            Created on: 03/Nov/20 14:18
            Start Date: 03/Nov/20 14:18
    Worklog Time Spent: 10m 
      Work Description: aasha commented on a change in pull request #1630:
URL: https://github.com/apache/hive/pull/1630#discussion_r516432822



##########
File path: standalone-metastore/metastore-common/src/main/java/org/apache/hadoop/hive/metastore/ReplChangeManager.java
##########
@@ -20,21 +20,25 @@
 
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
+import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.List;
 import java.util.concurrent.Executors;
 import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.TimeUnit;
 
 import com.google.common.annotations.VisibleForTesting;
+import com.google.common.collect.Lists;
 import org.apache.commons.lang3.concurrent.BasicThreadFactory;
 import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.fs.FileChecksum;
-import org.apache.hadoop.fs.FileStatus;
-import org.apache.hadoop.fs.FileSystem;
-import org.apache.hadoop.fs.Path;
-import org.apache.hadoop.fs.PathFilter;
-import org.apache.hadoop.fs.Trash;
+import org.apache.hadoop.fs.*;

Review comment:
       Fix this import

##########
File path: standalone-metastore/metastore-common/src/main/java/org/apache/hadoop/hive/metastore/ReplChangeManager.java
##########
@@ -606,6 +610,44 @@ public Void execute() throws IOException {
     }
   }
 
+  /* 
+   * Assign cmRoot to group of warehouse directory.
+   * If warehouse directory cannot be determined then give rwx permissions to default group of cmroot.
+   */
+  private static void setCmRootPermissions(Path cmroot) throws IOException{
+    FileSystem cmFs = cmroot.getFileSystem(conf);
+    cmFs.setPermission(cmroot, new FsPermission("770"));
+    try {
+      FileStatus warehouseStatus = cmFs.getFileStatus(new Path(MetastoreConf.get(conf, ConfVars.WAREHOUSE.getVarname())));
+
+      //if wh-owner is same as cmroot owner, then change the group if required.

Review comment:
       this comment is not clear

##########
File path: standalone-metastore/metastore-common/src/main/java/org/apache/hadoop/hive/metastore/ReplChangeManager.java
##########
@@ -606,6 +610,44 @@ public Void execute() throws IOException {
     }
   }
 
+  /* 
+   * Assign cmRoot to group of warehouse directory.
+   * If warehouse directory cannot be determined then give rwx permissions to default group of cmroot.
+   */
+  private static void setCmRootPermissions(Path cmroot) throws IOException{
+    FileSystem cmFs = cmroot.getFileSystem(conf);
+    cmFs.setPermission(cmroot, new FsPermission("770"));
+    try {
+      FileStatus warehouseStatus = cmFs.getFileStatus(new Path(MetastoreConf.get(conf, ConfVars.WAREHOUSE.getVarname())));
+
+      //if wh-owner is same as cmroot owner, then change the group if required.
+      //else add acl for wh-group.
+      String warehouseOwner = warehouseStatus.getOwner();
+      String warehouseGroup = warehouseStatus.getGroup();
+      if (warehouseOwner.equals(cmFs.getFileStatus(cmroot).getOwner())) {
+        FsAction whOwnerAction = warehouseStatus.getPermission().getUserAction();
+        FsAction whGroupAction = warehouseStatus.getPermission().getGroupAction();
+        FsAction whOtherAction = warehouseStatus.getPermission().getOtherAction();
+        if(!warehouseGroup.equals(cmFs.getFileStatus(cmroot).getGroup())) {
+          cmFs.setOwner(cmroot, null, warehouseGroup);
+          cmFs.setPermission(cmroot, new FsPermission(whOwnerAction, whGroupAction, whOtherAction));
+        }
+      } else {
+        if(!warehouseGroup.equals(cmFs.getFileStatus(cmroot).getGroup())) {

Review comment:
       A log line here stating cmroot and warehouse owners are different

##########
File path: itests/hive-unit/src/test/java/org/apache/hadoop/hive/metastore/TestReplChangeManager.java
##########
@@ -434,6 +437,60 @@ public void testRecycleUsingImpersonation() throws Exception {
     } while (!cleared);
   }
 
+  @Test
+  public void tesRecyleImpersionationWithGroupPermissions() throws Exception {

Review comment:
       test for acl access




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


Issue Time Tracking
-------------------

    Worklog Id:     (was: 507082)
    Time Spent: 0.5h  (was: 20m)

> Automate setting permissions on cmRoot directories.
> ---------------------------------------------------
>
>                 Key: HIVE-24330
>                 URL: https://issues.apache.org/jira/browse/HIVE-24330
>             Project: Hive
>          Issue Type: Bug
>            Reporter: Arko Sharma
>            Assignee: Arko Sharma
>            Priority: Major
>              Labels: pull-request-available
>         Attachments: HIVE-24330.01.patch, HIVE-24330.02.patch, HIVE-24330.03.patch, HIVE-24330.04.patch, HIVE-24330.05.patch
>
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>




--
This message was sent by Atlassian Jira
(v8.3.4#803005)